<!--$Id: tcl.so,v 1.5 2008/01/12 13:42:41 bostic Exp $-->
<!--Copyright (c) 1997,2008 Oracle.  All rights reserved.-->
<!--See the file LICENSE for redistribution information.-->
<html>
<head>
<title>Berkeley DB Reference Guide: Release 4.7: Tcl API</title>
<meta name="description" content="Berkeley DB: An embedded database programmatic toolkit.">
<meta name="keywords" content="embedded,database,programmatic,toolkit,btree,hash,hashing,transaction,transactions,locking,logging,access method,access methods,Java,C,C++">
</head>
<body bgcolor=white>
<table width="100%"><tr valign=top>
<td><b><dl><dt>Berkeley DB Reference Guide:<dd>Upgrading Berkeley DB Applications</dl></b></td>
<td align=right><a href="../upgrade.4.7/repapi.html"><img src="../../images/prev.gif" alt="Prev"></a><a href="../toc.html"><img src="../../images/ref.gif" alt="Ref"></a><a href="../upgrade.4.7/interdir.html"><img src="../../images/next.gif" alt="Next"></a>
</td></tr></table>
<p align=center><b>Release 4.7: Tcl API</b></p>
<p>The Berkeley DB Tcl API does not attempt to avoid evaluating input as Tcl
commands. For this reason, it may be dangerous to pass unreviewed user
input through the Berkeley DB Tcl API, as the input may subsequently be
evaluated as a Tcl command.  To minimize the effectiveness of a Tcl
injection attack, the Berkeley DB Tcl API in the 4.7 release routine resets
process' effective user and group IDs to the real user and group IDs.</p>
<table width="100%"><tr><td><br></td><td align=right><a href="../upgrade.4.7/repapi.html"><img src="../../images/prev.gif" alt="Prev"></a><a href="../toc.html"><img src="../../images/ref.gif" alt="Ref"></a><a href="../upgrade.4.7/interdir.html"><img src="../../images/next.gif" alt="Next"></a>
</td></tr></table>
<p><font size=1>Copyright (c) 1996,2008 Oracle.  All rights reserved.</font>
</body>
</html>
